1. Field of the Invention
The present invention relates generally to access control, and more particularly to a system and method for controlling access to a resource.
2. Description of the Related Art
Modern computing systems often employ security measures to control access to protected resources. For example, a computing system may implement authentication and authorization processes in order to prevent unauthorized entities from accessing a protected resource. Authentication may include the computing system prompting an entity to provide a credential in order to verify the entity's identity. The authentication may be based on a username and password, a smart card and personal identification number (PIN), or other information associated with the entity. Authorization may include the computing system checking attribute information of the entity in order to verify that the entity is authorized to access the requested resource. For example, the computing system may grant or deny access to a resource based on whether the attribute information of the requesting entity satisfies predefined criteria.
A management system may be employed to manage information, such as user accounts and their associated attributes, and security processes, such as authentication and authorization processes. The computing system or application that provides the protected resource may include such a management system. That is, the computing system or application may manage the information and security processes locally using its own management system dedicated to one or more resources the computing system provides. Alternatively, the computing system or application that provides the protected resource may use a centralized management system.
A centralized management system may provide, among other things, information management and authentication services for various entities on a network. If the protected resource is on the network, then an administrator or other party responsible for managing the protected resource may choose to use the centralized management system for authenticating and authorizing users rather than create and/or use a separate local management system dedicated to one or more local resources.